Rolling Code Based Point of Access System For Event Tickets Stored In Mobile Access Devices

ABSTRACT

A system for providing ticket based authorized entry of a mobile access device includes a memory, a transceiver and a control module. The memory stores an access code of a ticket of an event to be accessed by the mobile access device. The mobile access device also stores the access code. The control module: determines an amount of time since the ticket was purchased or an amount of time since the access code of the ticket was last updated; and updates the access code stored in the memory and signals the mobile access device via the transceiver to update the access code stored at the mobile access device in response to the amount of time since the ticket was purchased exceeding a first predetermined amount of time or the amount of time since the access code of the ticket was last updated exceeding a second predetermined amount of time.

FIELD

The present disclosure relates to point of access security systems forticket required access events.

BACKGROUND

The background description provided here is for the purpose of generallypresenting the context of the disclosure. Work of the presently namedinventors, to the extent it is described in this background section, aswell as aspects of the description that may not otherwise qualify asprior art at the time of filing, are neither expressly nor impliedlyadmitted as prior art against the present disclosure.

An attendee to an event, such as a sporting event or a concert, can gainaccess to the event by purchasing a ticket online and downloading andpresenting the ticket to an attendant at the venue of the event. Theticket may be downloaded to the attendee's personal cellular phoneand/or other portable network device. As an example, the portablenetwork device may receive an encrypted code (e.g., QR code) when theticket is purchased. The attendee may then, on the day of the event,have the code scanned at a point of entry in order to be permitted intothe facility of the event. The attendant may scan the code or theattendee may hold the code in front of a scanner at, for example, aturnstile point of entry.

A passenger of a vehicle (e.g., an automobile, a bus, a train or anairplane) may similarly purchase a ticket online and present the ticketin the form of a QR code at a point of entry. For example, the passengermay have the QR code scanned by a vehicle attendant and/or a scanner ofthe vehicle prior to being permitted to enter the vehicle and/or thevehicle leaving a departure location.

SUMMARY

A system for providing ticket based authorized entry of a mobile accessdevice. The system includes a memory, a transceiver and a controlmodule. The memory is configured to store an access code of a ticket ofan event to be accessed by the mobile access device using the ticket.The mobile access device stores the access code. The transceiver isconfigured to communicate with the mobile access device. The controlmodule is configured to: determine when the ticket was purchased;determine at least one of (i) an amount of time since the ticket waspurchased, or (ii) an amount of time since the access code of the ticketwas last updated; and updates the access code stored in the memory andsignals the mobile access device via the transceiver to update theaccess code stored at the mobile access device in response to at leastone of (i) the amount of time since the ticket was purchased exceeding afirst predetermined amount of time, or (ii) the amount of time since theaccess code of the ticket was last updated exceeding a secondpredetermined amount of time. Access to the event by the mobile accessdevice and a corresponding ticket holder is based on the updated accesscode.

In other features, the control module is configured to (i) determine theamount of time since the ticket was purchased, and (ii) update theaccess code stored in the memory and signal the mobile access device toupdate the access code stored at the mobile access device in response tothe amount of time since the ticket was purchased having exceeded thefirst predetermined amount of time.

In other features, the control module is configured to (i) determine theamount of time since the access code of the ticket was last updated, and(ii) update the access code stored in the memory and signal the mobileaccess device to update the access code stored at the mobile accessdevice in response to the amount of time since the access code of theticket was last updated having exceeded the second predetermined amountof time.

In other features, the control module is configured to periodically,pseudo-randomly or randomly signal the mobile access device to updatethe access code stored in the memory and signal the mobile access deviceto update the access code stored at the mobile access device prior tothe ticket being used to gain entry to the event.

In other features, the control module is configured to (i) determine alocation of the mobile access device, and (ii) signal the mobile accessdevice to update the access code stored in the memory and signal themobile access device to update the access code stored at the mobileaccess device when the mobile access device is within a predetermineddistance of a point of entry of the event.

In other features, the system is configured to: receive the access codestored at the mobile access device; compare the access code receivedfrom the mobile access device to the updated access code; determinewhether the received access code from the mobile access device is valid;and in response to determining that the access code received from themobile access device is valid, actuate an entry device to providepermitted passage to the event for the ticket holder of the mobileaccess device.

In other features, the control module is configured to, when updatingthe access code stored in the memory append a new access code to atleast a portion of a previous access code.

In other features, a system is provided for ticket based authorizedentry of a mobile access device. The system includes a memory, atransceiver and a control module. The memory is configured to store anaccess code corresponding to a ticket of an event to be accessed by themobile access device, where the mobile access device stores the accesscode. The transceiver is configured to communicate with the mobileaccess device. The control module is configured to: determine a locationof the mobile access device relative to a check point location for theevent; determine whether the mobile access device is at or closer to apoint of entry of the event than the check point location; and inresponse to the determining that the mobile access device is at orcloser to the point of entry than the check point location, update theaccess code stored in the memory and signal the mobile access device viathe transceiver to update the access code stored at the mobile accessdevice. Access to the event by the mobile access device and acorresponding ticket holder is based on the updated access code.

In other features, the control module is configured to iteratively, foreach check point passed by the mobile access device, update the accesscode in the memory and the access code stored at the mobile accessdevice.

In other features, the control module is configured to (i) monitormovement of the mobile access device, and (ii) while the mobile accessdevice is moving and is within a predetermined range of the check pointlocation, update the access code stored in the memory and signal themobile access device to update the access code stored at the mobileaccess device.

In other features, the system is configured to: receive the access codestored at the mobile access device; compare the access code receivedfrom the mobile access device to the updated access code; determinewhether the received access code from the mobile access device is valid;and in response to determining that the access code received from themobile access device is valid, actuate an entry device to providepermitted passage to the event for the ticket holder of the mobileaccess device.

In other features, the control module is configured to update the accesscode stored in the memory based on an amount of time since the ticketwas purchased by the ticket holder associated with the mobile accessdevice.

In other features, the control module is configured to, when updatingthe access code stored in the memory append a new access code to atleast a portion of the access code stored in the memory or at least aportion of the updated access code.

In other features, the control module is configured to, when updatingthe access code stored in the memory append a new access code to atleast a portion of the access code stored in the memory or at least aportion of the updated access code.

In other features, a station for providing ticket based authorized entryof a mobile access device is provided. The station includes a memory, atransceiver and a control module. The memory is configured to store anaccess code of a ticket of an event to be accessed by the mobile accessdevice using the ticket. The mobile access device stores the accesscode. The transceiver is configured to communicate with the mobileaccess device. The control module is configured to: determine when theticket was purchased; determine at least one of (i) an amount of timesince the ticket was purchased, or (ii) an amount of time since theaccess code of the ticket was last updated; and updates the access codestored in the memory and signals the mobile access device via thetransceiver to update the access code stored at the mobile access devicein response to at least one of (i) the amount of time since the ticketwas purchased exceeding a first predetermined amount of time, or (ii)the amount of time since the access code of the ticket was last updatedexceeding a second predetermined amount of time. Access to the event bythe mobile access device and a corresponding ticket holder is based onthe updated access code.

In other features, the control module is configured to (i) determine theamount of time since the ticket was purchased, and (ii) update theaccess code stored in the memory and signal the mobile access device toupdate the access code stored at the mobile access device in response tothe amount of time since the ticket was purchased having exceeded thefirst predetermined amount of time.

In other features, the control module is configured to (i) determine theamount of time since the access code of the ticket was last updated, and(ii) update the access code stored in the memory and signal the mobileaccess device to update the access code stored at the mobile accessdevice in response to the amount of time since the access code of theticket was last updated having exceeded the second predetermined amountof time.

In other features, the control module is configured to periodically,pseudo-randomly or randomly signal the mobile access device to updatethe access code stored in the memory and signal the mobile access deviceto update the access code stored at the mobile access device prior tothe ticket being used to gain entry to the event.

In other features, the control module is configured to (i) determine alocation of the mobile access device, and (ii) signal the mobile accessdevice to update the access code stored in the memory and signal themobile access device to update the access code stored at the mobileaccess device when the mobile access device is within a predetermineddistance of a point of entry of the event.

In other features, the station is configured to: receive the access codestored at the mobile access device; compare the access code receivedfrom the mobile access device to the updated access code; determinewhether the received access code from the mobile access device is valid;and in response to determining that the access code received from themobile access device is valid, actuate an entry device to providepermitted passage to the event for the ticket holder of the mobileaccess device.

In other features, the control module is configured to, when updatingthe access code stored in the memory append a new access code to atleast a portion of a previous access code.

In other features, a station for providing ticket based authorized entryof a mobile access device is provided. The station includes a memory, atransceiver and a control module. The memory is configured to store anaccess code corresponding to a ticket of an event to be accessed by themobile access device. The mobile access device stores the access code.The transceiver is configured to communicate with the mobile accessdevice. The control module is configured to: determine a location of themobile access device relative to a check point location for the event;determine whether the mobile access device is at or closer to a point ofentry of the event than the check point location; and in response to thedetermining that the mobile access device is at or closer to the pointof entry than the check point location, update the access code stored inthe memory and signal the mobile access device via the transceiver toupdate the access code stored at the mobile access device. Access to theevent by the mobile access device and a corresponding ticket holder isbased on the updated access code.

In other features, the control module is configured to iteratively, foreach check point passed by the mobile access device, update the accesscode in the memory and the access code stored at the mobile accessdevice.

In other features, the control module is configured to (i) monitormovement of the mobile access device, and (ii) while the mobile accessdevice is moving and is within a predetermined range of the check pointlocation, update the access code stored in the memory and signal themobile access device to update the access code stored at the mobileaccess device.

In other features, the station is configured to: receive the access codestored at the mobile access device; compare the access code receivedfrom the mobile access device to the updated access code; determinewhether the received access code from the mobile access device is valid;and in response to determining that the access code received from themobile access device is valid, actuate an entry device to providepermitted passage to the event for the ticket holder of the mobileaccess device.

In other features, the control module is configured to update the accesscode stored in the memory based on an amount of time since the ticketwas purchased by the ticket holder associated with the mobile accessdevice.

In other features, the control module is configured to, when updatingthe access code stored in the memory append a new access code to atleast a portion of the access code stored in the memory or at least aportion of the updated access code.

In other features, A mobile access device is provided and includes amemory, a transceiver and a control module. The memory is configured tostore an access code of a ticket for an event. The transceiver isconfigured to communicate with a first station of the event. The controlmodule is configured to: receive a signal from the first station toupdate the access code based on time since the ticket was purchased or alocation of the mobile access device; update the access code stored inthe memory based on the signal; show or transmit the updated access codeto the first station or a second station as an access request when themobile access device is at a point of entry; and receive a signal fromthe first station or the second station indicating a status of theaccess request.

In other features, the control module is configured to update the accesscode stored in the memory without receiving an updated access code froma station.

In other features, the control module is configured to select a nextaccess code in a list of access codes stored in the memory in responseto receiving the signal to update the access code.

In other features, the control module is configured to generate theupdated access code based on a predetermined algorithm stored in thememory.

In other features, the signal includes an updated access code for theticket; and the control module replaces the access code stored in thememory with the updated access code included in the signal.

In other features, the control module is configured to append a newaccess code to at least a portion of the access code stored in thememory when updating the access code stored in the memory.

In other features, the control module is configured to: append a firstnew access code to the access code stored in the memory to form anupdated access code when the mobile access device passes the point ofentry a first time; and either (i) append a second new access code tothe first new access code and drop a remainder of the updated accesscode when the mobile access device passes the point of entry a secondtime, or (ii) append the second new access code to the remainder of theupdated access code and drop the first new access code when the mobileaccess device passes the point of entry the second time.

Further areas of applicability of the present disclosure will becomeapparent from the detailed description, the claims and the drawings. Thedetailed description and specific examples are intended for purposes ofillustration only and are not intended to limit the scope of thedisclosure.

BRIEF DESCRIPTION OF THE DRAWINGS

The present disclosure will become more fully understood from thedetailed description and the accompanying drawings, wherein:

FIG. 1 is a functional block diagram of an example of a security accesssystem including a security central monitoring station, mobile accessdevices and check point stations in accordance with an embodiment of thepresent disclosure;

FIG. 2 is an overhead view of an example check point location includinga check point station and illustrating threshold code updating and pointof access entry based on a separation distance in accordance with thepresent disclosure;

FIG. 3 is a functional block diagram of an example of a security centralmonitoring station in accordance with the present disclosure;

FIG. 4 is a functional block diagram of a mobile access device inaccordance with the present disclosure;

FIG. 5 is a functional block diagram of a check point station inaccordance with an embodiment of the present disclosure;

FIG. 6 illustrates a method of operating a security central monitoringstation in accordance with an embodiment of the present disclosure;

FIG. 7 illustrates a method of operating a mobile access device inaccordance with an embodiment of the present disclosure; and

FIG. 8 illustrates a method of operating a check point station inaccordance with the present disclosure.

In the drawings, reference numbers may be reused to identify similarand/or identical elements.

DETAILED DESCRIPTION

A purchaser of a ticket (referred to herein as the “ticket holder”) foran event may have a ticket in the form of an encrypted code stored on amobile access device (e.g., cellular phone, tablet, wearable device,etc.). The encrypted code may be in the form of a QR code or otherencrypted code, which is shown at the venue to gain access to the event.Prior to arriving at the venue on the day of the event and/or prior tobeing at the point of access to the event, an attacking device of acyber criminal may attack the mobile access device and/or perform aspoofing process to copy and/or download the encrypted code. The user ofthe attacking device may then access the event prior to the ticketholder, thereby preventing the ticket holder from accessing the event.

The examples set forth herein include a mobile access device of a ticketholder obtaining updated encrypted access codes for a ticket to therebyprevent an attacking device from in effect stealing the ticket of theticket holder. The updated encrypted codes may be provided based on timeand/or geographical locations of the mobile access device. In oneembodiment, the provided encrypted codes are appended to previousencrypted codes and collectively used to verify whether the mobileaccess device and user of the mobile device are authorized to access theevent. The encrypted codes may be generated using rolling codegenerators, which may provide a next rolling code and/or othercredentials for accessing the event. These examples allow credentials tobe reissued and/or updated up until the mobile access device of theticket holder is within a predetermined distance of a point of entry ofthe event. As an example, the point of entry may be at a turnstile, agated entrance, at or near an x-ray scanner at an entryway, at adoorway, at an entrance of a vehicle, etc.

FIG. 1 shows a security access system 100 that includes a securitycentral monitoring station, 102, one or more mobile access devices 104,and one or more check point stations 106. The security centralmonitoring station 102 may be remotely located from the mobile accessdevices 104 and the check point stations 106. In the example shown, themobile access device 104A stores encrypted codes 108 including one ormore access codes and one or more user and mobile access deviceidentification and authorization codes. The access codes are associatedwith a purchased ticket purchased by a ticket holder. The ticket holdermay own and/or have authorized access to the mobile access device 104A.The security central monitoring station 102 provides, updates and/orinitiates updating of the encrypted access codes. The encrypted accesscodes may be shared with one or more of the check point stations 106that are at a point of entry to the event associated with the ticket. Inone embodiment, the security central monitoring station 102 isimplemented at a point of entry and/or is incorporated in a check pointstation at the point of entry. The security monitoring system may becentrally located at the venue of the event and/or remotely located awayfrom the check point stations 106.

The security central monitoring station 102 includes a rolling codegenerating module 110. The mobile access device 104A includes an accessmodule 112 and a memory 114 that stores the codes 108. In the exampleshown, the check point station 106A is at a point of entry and includesa verification module 116. In an embodiment, the access module 112 andthe verification module 116 operate as rolling code generating modules.The rolling code generating modules select, generate and/or determinenext access codes of a ticket. Each of the rolling code generatingmodules may be signaled and/or triggered to provide a next access codeand may provide that code independent of the other rolling codegenerating modules as further described below. In another embodiment,the rolling code generating module 110 generates a next access code andprovides the access code to the access module 112 and the verificationmodule 116.

The access module 112 may store the next (or updated) access code as oneof the codes 108 or replace one of the codes 108 with the updated accesscode. When the mobile access device 104A is presented on the day of theevent at the check point station 106A, the verification module 116verifies the codes provided by the mobile access device against updatedstored codes to determine if the mobile access device and correspondinguser are authorized to enter (i.e. gain access to the event). If accessis granted, the verification module 116 may, for example, unlock anentry device as further described below to allow the user of the mobileaccess device to enter the corresponding facility, stadium, vehicle,pavilion, arena, hall, etc. of the event. The rolling code generatingmodule 110 may be implemented at one of the check point stations 106.

Table 1 refers to a few example update methods that may be implementedby the security central monitoring station 102 and devices 104, 106.Although three methods are listed including a time-based method, ageographical location-based method, and an appending method, othermethods may be implemented and are described below. For example, acombination of the time-based, geographical location-based and appendingmethods may be implemented. The time-based method includes the rollingcode generating module 110 and/or other rolling code generating modulesperiodically, pseudo-randomly, or randomly providing an updated accesscode and/or initiating changing of a current access code of a ticket toan event. This time-based approach may be based on time since the ticketwas initially purchased, time since the mobile access device arrived ator is within a predetermined distance of the venue, time until the eventstarts, etc. In one embodiment, the access code is updated multipletimes prior to the ticket being validated and the user and mobile accessdevice gaining access to the event.

In one embodiment, a new access code is transmitted from the securitycentral monitoring station 102 to the mobile access device 104A. Inanother embodiment, the security central monitoring station 102 signalsthe mobile access device 104A to use a next predetermined access codepreviously stored at the security central monitoring station 102 and themobile access device 104A, for example, when the ticket was initiallypurchased. When the ticket is initially purchased, multiple access codesmay be provided and/or generated and stored in the mobile access device104A. These access codes are, at the time of purchase, known to themobile access device 104A and the security central monitoring station102 and may also be known to one or more of the check point stations106. These codes may also be provided and/or generated at one or more ofthe check point stations 106. The check point stations 106 may also beupdated when the mobile access device 104A is updated. The updates mayinclude the security central monitoring station 102 signaling the mobileaccess device 104A and the check point stations 106 with the updatedaccess code or signaling the mobile access device 104A and the checkpoint stations 106 to update the access code with a next stored accesscode. Other techniques for generating the next access codes are describebelow.

TABLE 1 Example Access Code Update Methods Event 5 3 Granting Ticket IDAccess (What 1 2 Matched to 4 Access Code Purchase Ticket ID MobileAccess Crossing is being Method of Identity Verification TicketGenerated Device Threshold Checked) Currently Physical/Digital — A A A ATicket UWB or Other Method 1 Time-Based — A A B . . . C . . . D . . . DSuitable Wireless Updates Communication Method 2 Geographical — A A B .. . C . . . C Frequency Range Location-Based Updates Method 3 AppendedUpdates — A A AB AB

Table 1 provides examples of the time-based, geographicallocation-based, and appending methods as compared to a traditionalapproach. Table 1 shows that for a traditional ticket purchase andaccess method a same access code A is provided at purchase of the ticketand is maintained and used to access the event. For the time-basedapproach, the access code is replaced multiple times prior to gainingaccess to the event based on when predetermined time thresholds havebeen exceeded. As shown, the access code is changed from A to B, then toC and then to D. The access code may be changed any number of timesprior to gaining access to the event.

The location-based method includes the rolling code generating module110 updating and/or initiating changing of the access code based ongeographical location of the mobile access device 104A. The rolling codegenerating module 110 may monitor the location of the mobile accessdevice 104A, for example, on the day of the event and/or a predeterminedperiod prior to the event starting. When the mobile access device 104Aarrives at and/or passes predetermined check point locations (referredto as “geographical threshold locations”) and or is within predetermineddistances of a point of entry, the rolling code generating module 110may provide a new access code and/or initiate updating of a currentaccess code.

In one embodiment, the new access code for the geographicallocation-based method may also be transmitted from the security centralmonitoring station 102 to the mobile access device. In anotherembodiment, the security central monitoring station 102 signals themobile access device to use a next predetermined access code previouslystored at the security central monitoring station 102 and the mobileaccess device 104A, for example, when the ticket was initiallypurchased. When the ticket is initially purchased, multiple access codesmay be provided and/or generated and stored in the mobile access deviceand changed when the mobile access device is physically at certainlocations. These access codes are, at the time of purchase, known to themobile access device 104A and the security central monitoring station102 and may be known to one or more of the check point stations 106.These codes may also be provided and/or generated at one or more of thecheck point stations 106. The check point stations 106 may also beupdated when the mobile access device 104A is updated. The updates mayinclude the security central monitoring station 102 signaling the mobileaccess device 104A and the check point stations 106 with the updatedaccess code or the signaling the mobile access device 104A and the checkpoint stations 106 to update the access code with a next stored accesscode.

The appending method includes the rolling code generating module 110updating and/or initiating changing of a current access code byappending a new access code to at least a portion of the current accesscode. The appending process may occur multiple times. This may betime-based and/or geographical location-based as described above. Table1 shows for the geographical location-based and the appending methodsthe access code is replaced or updated multiple times prior to gainingaccess to the event. For the geographical location-based approach, theaccess code is changed from A to B, then to C. For the appendingapproach, the access code is changed from A to AB, where B was appendedto A. The access code may be changed for both of these methods anynumber of times prior to gaining access to the event.

In one embodiment, the access code is changed when the mobile accessdevice is within a predetermined distance of a point of entry. Thisfurther minimizes the chances of an attacker copying the access code andusing the access code prior to the ticket holder. An example of this isillustrated by FIG. 2, which shows an example check point location 200including a check point station 202 and illustrating threshold codeupdating and point of access entry based on a predetermined separationdistance. A ticket holder (or ticket owner) 204 may be in line andwalking through a people flow control area 206 in the direction ofarrows 207 and holding a mobile access device 208. The check pointstation 202 and the mobile access device 208 may represent the checkpoint station 106A and the mobile access device 104A of FIG. 1. Themobile access device 208 has stored a current access code for a ticketto gain permitted entry for an event. The ticket holder 204 whilewalking through the flow control area 206 passes a separation distancepoint (or last code change point) 210 that is a predetermined separationdistance X from the point of entry 212. In one embodiment, theseparation distance X is minimized, such that the last access codeupdate occurs in time just prior to the mobile access device arriving atthe check point station 202. As an example, the separation distance maybe less than or equal to 10 feet (ft). As another example, theseparation distance may be less than 2 ft. Movement of the mobile accessdevice 208 may be monitored and when the mobile access device 208 ismoving and within a predetermined range of the check point station 202,the mobile access device 208 may be signaled to update the access codeas described herein. The triggering to update the access code may bereceived from the security central monitoring station 102 of FIG. 1 orthe check point station 202.

In another embodiment, the mobile access device 208 performs a“self-trigger” event in which a control module (e.g., control module 400of FIG. 4) of the mobile access device 208 monitors time since theticket was purchased and signals the security central monitoring station102 to perform an access code update. As another example, the controlmodule may determine distances between the mobile access device 208 andone or more predetermined reference points at the venue and when themobile access device 208 is within predetermined ranges of thepredetermined reference points, the control module may signal thesecurity central monitoring station 102 to perform an access codeupdate. The predetermined reference points, which may refer to GPScoordinates, may be determined when the corresponding ticket ispurchased and provided by the security central monitoring station 102 tothe mobile access device 208.

The check point station 202 may operate a gated entryway 230. Dashedrectangles 220, 222 may represent barriers guiding attendees to theevent and the gated entryway 230. The gated entryway 230 may include,for example, a turnstile, one or more gates, bars, etc. In the exampleshown, the gated entryway 230 include two gates 232, 234 that pivot inopposite direction to open a pathway for the ticket holder 204 to pass.

When the mobile access device 208 is at and/or passes the last codechange point 210, the current access code is updated a last time priorto being checked by the check point station 202. An access code for theticket holder is also updated at the check point station 202. Theupdates may be based on the geographical location and/or detectedlocation of the mobile access device 208 and may include replacement of,appending of and/or a combination thereof the current access code. Aportion of the current access code may be replaced or the whole currentaccess code may be replaced. In one embodiment, an updated access codeis appended to at least a portion of the current access code. The ticketholder 204 shows the updated access code (e.g., encrypted QR code) to ascanner of the check point station 202. The check point station 202scans the updated access code and if there is a match, opens the gatedentryway 230 to allow the ticket holder 204 to pass. If there is not amatch, the gated entryway 230 remains closed. A closed state of thegates 232, 234 is shown by solid line boxes. An open state of the gates232, 234 is shown by dashed line boxes.

When the mobile access devices 104 are within predetermined ranges ofthe security central monitoring station 102, and the mobile accessdevices 104 and the security central monitoring station 102 maycommunicate wirelessly using, for example, ultra-wide band (UWB)frequencies (e.g., 3.1-10.6 giga-Hertz (GHz)), the Bluetooth® low energy(BLE) frequency 2.4 GHz, wireless fidelity (Wi-Fi®) frequencies, orother suitable radio frequency (RF) frequencies. As an example, the UWBsignals may be spread over a large bandwidth of greater than 500Mega-Hertz (MHz). The BLE and/or UWB signals may be transmitted toand/or received from the mobile access devices 104 and used to connectwith and track a location and movement of the mobile access devices 104.When the mobile access devices 104 are outside of the predeterminedranges, the security central monitoring station 102 may communicate withthe mobile access devices 104 via cellular frequencies, the Internet,and/or other forms of communication. This communication may be over adistributed network. The security central monitoring station 102 maycommunicate with the check point stations 106 using wired or wirelesscommunication.

These and other examples are further described below.

FIG. 3 shows the security central monitoring station 102 that includes acontrol module 300, a transceiver 302, a memory 304 and a user interface306. The transceiver 302 may include a medium access control (MAC)module 308, a physical layer (PHY) module 310 and one or more antennas312. The control module 300 may execute a link authentication module 320and the rolling code generating module 110, which may include a timingmodule 322, a geographical location module 324, and/or an appendingupdate module 326.

The link authentication module 320 may authenticate mobile accessdevices 104 of FIG. 1 and establish secure communication links. Forexample, the link authentication module 320 may be configured toimplement challenge-response authentication or other cryptographicverification algorithms in order to authenticate the mobile accessdevices. This authentication may be based on the identification andauthorization information and/or associated codes. This information mayinclude any of the user identification, mobile access deviceidentification and/or authorization information referred to herein.

The rolling code generating module 110 may operate in a time-based mode,a location-based mode, an appending mode, or any combination thereof.The timing module 322 implements the time-based method and performsoperations to update access codes based on time as disclosed herein. Thegeographical location module 324 implements the location-based method toupdate access codes based on location of mobile access devices relativeto points of entry and/or check point locations. Each check pointlocation may or may not have a gate through which to pass, a metaldetector, a code scanner, and/or other security related detector and/orscanner. One or more of the check point locations may simply refer topredetermined locations, such as a parking lot, a parking structure, awalkway, a set of doors, a stairway, an elevator, a stairwell, a gatedentrance, a hallway, a tunnel, and/or other locations of a venue. Theappending update module 326 implements the appending method to updateaccess codes by having new access codes appended to previous accesscodes.

The memory 304 stores access codes 330 and identification andauthorization information 332. The access codes 330 include encryptedcodes of tickets. The identification and authorization information 332may include user identifiers (IDs), mobile access device IDs, userpersonal information including account numbers, home addresses, phonenumbers, usernames, passwords, etc. At least some of the identificationand authorization information 332 may be encrypted to provideidentification and authorization information codes, which may also bestored in the memory 304. The memory 304 may include a non-transitorycomputer-readable medium including read-only memory (ROM) and/orrandom-access memory (RAM). The user interface 306 may include, forexample, a display, a touchscreen, a microphone, a keyboard, a touchpad, etc.

In one embodiment, the security central monitoring station 102 transmitssignals to, receives signals from, is connected to, and/or wirelesslycommunicates with antenna modules 340. The antenna modules 340 may belocated at various locations in a facility and used to communicate withand/or monitor locations of mobile access devices. The antenna modules340 may transmit and receive high-frequency RF signals and may includeRF and/or UWB antennas. The antenna modules 340 may communicateaccording to Bluetooth®, UWB and/or Wi-Fi® protocols. Each of theantenna modules 340 may include a RF, BLE and/or UWB antenna and mayinclude a control module and/or other circuitry for RF, BLE and/or UWBsignal transmission.

Operation of the security central monitoring station is furtherdescribed below with respect to FIG. 6.

FIG. 4 shows an example of any of the mobile access devices 104 ofFIG. 1. The mobile access devices 104 may include cellular phones,wearable devices, tablets, laptop computers, and/or other portablenetwork devices. The mobile access devices 104 may be, for example, aBluetooth®-enabled and UWB-enabled communication device, such as a smartphone, smart watch, wearable electronic device, key fob, tablet device,or other device associated with a user. The user may be an owner and/orauthorized user of the mobile access device.

The mobile access device 104 may include a control module 400, atransceiver 402, sensors 404, a memory 406, and a user interface 408.The transceiver 402 may include a MAC module 410, a PHY module 412 andone or more antennas 414.

The control module 400 controls operation of the mobile access device104. In one embodiment, the control module 400 includes or is part of aBLE and/or UWB communication chipset. Alternatively, the control module400 may include or be part of a Wi-Fi or Wi-Fi direct communicationchipset.

The control module 400 includes the access module 112, also shown inFIG. 1, and communicates with the control module 300 of the securitycentral monitoring station 102 and the check point stations 106 andperforms access code updating operations identification operations,authentication operations, access operations and other operations asfurther described herein. The access module 112 may perform a signalexchange with the control module 300 of FIG. 2 and/or the verificationmodule 116 of FIG. 1 to allow the control module 300 and/or theverification module 116 to determine a location of the mobile accessdevice 104 relative to points of entry and/or check point stations. Thismay include the control module 400 of the mobile access device 104exchanging signals with the security central monitoring station 102and/or one or more of the check point stations 106 to determinedistances between the mobile access device 104 and points of entryand/or check points, some of which may be at the check point stations106.

The control module 400, although not shown in FIG. 4, may include and/orperform operations of a rolling code generating module, a timing module,a geographical location module and/or an appending module similar to themodules 10, 322, 324, and 326 of FIG. 3. The control module 400 maydetermine next access codes based on time and/or geographical locationof the mobile access device 104. This may be based on a signal exchangewith the control module 300 or a control module of a check pointstation. The control module 400 may append access codes as referred toherein.

The location of the mobile access device 104 may be determined using anyof the sensors 404. The control module 400 may transmit informationregarding the mobile access device 104, such as location, heading and/orvelocity information obtained from one or more of the sensors 404 to thesecurity central monitoring station 102 and/or the check point stations106. In the example shown, the sensors 404 include one or moreaccelerometers 420, a gyroscope 422, a global position system (GPS) 424,cameras 426, and/or other sensors (e.g., angular rate sensors). Singlesided ranging, double sided ranging, time-of-flight determining, roundtrip time determining, etc. may be performed to determine distancesbetween the mobile access devices 104 and the points of entry and/or thecheck points.

The memory 406 may store application code that is executable by thecontrol module 400. The memory 406 may store access codes 430 fortickets and identification and authorization information and/orassociated codes 432, such as that referred to herein. The memory 406may include a non-transitory computer-readable medium includingread-only memory (ROM) and/or random-access memory (RAM). The userinterface 408 may include a microphone, a display, a touchscreen, atouch pad, a keyboard, etc.

Operation of the mobile access device 104 is further described belowwith respect to FIG. 7.

FIG. 5 shows an example of any of the check point stations 106 ofFIG. 1. The check point station 106 may include a control module 500, atransceiver 502, sensors 504, a memory 506, actuators 508 and entrydevices 509. The transceiver 502 may include a MAC module 510, a PHYmodule 512 and one or more antennas 514.

The control module 500 controls operation of the check point station106. In one embodiment, the control module 500 includes or is part of aBLE and/or UWB communication chipset. Alternatively, the control module500 may include or be part of a Wi-Fi or Wi-Fi direct communicationchipset. The control module 500 includes the verification module 116,also shown in FIG. 1, and communicates with the control module 300 ofthe security central monitoring station 102 and the control module 400of the mobile access device 104 and performs access code updatingoperations identification operations, authentication operations, accessoperations and other verification operations as further describedherein. The control module 500 may share information regarding themobile access device 104 with the security central monitoring station102 and vice versa. The control module 500, although not shown in FIG.5, may include and/or perform operations of a rolling code generatingmodule, a timing module, a geographical location module and/or anappending module similar to the modules 10, 322, 324, and 326 of FIG. 3.The control module 500 may perform similarly as the control module 300.

At least some of the verification operations may be performed using thesensors 504, which may include a code scanner 520, one or more cameras522, a body part scanner 524, an x-ray scanner 526 and/or other sensors.The code scanner 520 may scan a code (e.g., a bar code, a QR code, orother encrypted code) showing on a display of the mobile access device104. The cameras 522 may be used to capture an image of the code. Thecameras may also be used to capture images of a ticket holder. The bodypart scanner 524 may be used to, for example, scan a finger (forfingerprint detection), an eye, and/or other body part of the ticketholder. The x-ray scanner 526 may scan people, bags and/or other gear todetect unpermitted objects. These scans may be performed at a point ofentry to gather codes as well as identification and/or mobile accessdevice identification information. Additionally or as an alternative,the control module 500 may wirelessly receive identification and/orauthorization information and/or codes from the mobile access device104.

The memory 506 may store application code that is executable by thecontrol module 500. The memory 506 may store access codes 530 fortickets and identification and authorization information and/orassociated codes 532, such as that referred to herein. The memory 506may include a non-transitory computer-readable medium includingread-only memory (ROM) and/or random-access memory (RAM).

The actuators 508 may be, for example, motors and have correspondinglinks, connecting members, gears, rollers, etc. for unlocking and/ormoving the entry devices 509. The entry devices 509 may include one ormore locks, gates, hinges, bars, doors, etc. As an example, the entrydevice 509 may include the gates 232, 234 of FIG. 2 and the actuators508 may include motors for unlocking and/or pivoting the gates 232, 234.

Operation of the check point station 106 is further described below withrespect to FIG. 8.

The control modules 300 and 500 and/or the antenna modules 340 of thestations 102 and 106 may measure a received signal strength of a signalreceived from the mobile access device 104 and generate a correspondingRSSI value. Additionally or alternatively, the control modules 300 and500 and/or the antenna modules 340 may take other measurements oftransmitted and received signals from the mobile access device 104, suchas an angle of arrival, a time of flight, a time of arrival, a timedifference of arrival, etc. As an example, time of flight calculationsmay be made to measure time of flight of UWB signals. The controlmodules 300 and 500 and/or the antenna modules 340, based on themeasured information, may then determine (i) a location of the mobileaccess device 104 relative to one or more points of entry and/or one ormore check points, and/or (ii) distances between the mobile accessdevice 104 and one or more points of entry and/or one or more checkpoints. This information may be shared with the control modules 300, 500and/or other station control modules.

The location and distance determinations may be based on similarinformation received from one or more of the antenna modules 340 of FIG.3 and/or other sensors. As an example, the control modules 300 and 500and/or the antenna modules 340 may determine the location of the mobileaccess device 104 based on, for example, patterns of received signalstrength indicator (RSSI) values corresponding to signals received fromthe mobile access device 104 by the antenna modules 340. A strong (orhigh) RSSI value indicates that the mobile access device 104 is close toa certain point (or location) of interest and a weak (or low) RSSI valueindicates that the mobile access device 104 is further away from thepoint of interest. By analyzing the RSSI values, the control modules 300and 500 and/or the antenna modules 340 may determine a location ofand/or a distance to the mobile access device relative to the point ofinterest. Additionally or alternatively, angle of arrival, angle ofdeparture, round trip timing, unmodulated carrier tone exchange, or timedifference of arrival measurements for the signals sent between themobile access device and the control modules 300 and 500 may also beused by the control modules 300 and 500 or the mobile access device 104to determine the location of the mobile access device 104. The antennamodules 340 may determine the location of and/or distance to the mobileaccess device 104 based on the measured information and communicate thelocation or distance to the control modules 300 and 500. Based on thedetermined location of or distance to the mobile access device 104relative to the point of interest, the control modules 300 and 500 maythen authorize and/or perform an action, such as permitting passagethrough an entryway.

FIG. 6 illustrates a method of operating a security central monitoringstation. Although the following operations of FIGS. 6-8 are primarilydescribed with respect to the implementations of FIGS. 1-5, theoperations may be easily modified to apply to other implementations ofthe present disclosure. The operations may be iteratively performed. Themethod of FIG. 6 may be performed while the methods of FIGS. 7-8 arebeing performed. The operations of FIG. 6 may be performed by a controlmodule and/or range module of the mobile access device.

The method may begin at 600. At 602, the control module 300 of thesecurity central monitoring station 102 may perform a ticket purchaseprocess with a network device of a purchaser of a ticket. This processmay be performed by the security central monitoring station 102 and/orby a different station. The network device of the purchaser may be themobile access device 104 of FIG. 4 or other network device. Anyinformation collected during the ticket purchase process, such aspurchaser identification information, ticket holder information, networkdevice identification information, address of purchaser and/or ticketholder, credit card information of purchaser, usernames of purchaserand/or ticket holder, passwords of purchaser and/or ticket holder, etc.may be provided to the control module 300. The purchaser and the ticketholder may be the same person or a different people.

At 604, the control module 300 of the security central monitoringstation 102 may receive identification and authorization information,such as any of the user identification, mobile access deviceidentification and/or authorization information referred to herein.Operation 604 may be performed in addition to or alternatively fromperforming operation 602. The identification and authorizationinformation may be provided by the mobile access device 104 or othernetwork device to the security central monitoring station 102. Theticket holder may purchase the ticket using the mobile access device 104or another network device and download the ticket (i.e. an access codeassociated with the ticket) to the mobile access device 104.

At 606, the control module 300 may generate, receive and/or store theinitial access code of the ticket. In one embodiment, the control module300 receives a set of access codes associated with the ticket andidentifies the first one of the access codes as the current access code.The other access codes may be arranged in a predetermined order and/ormay be accessed when determining a next access code. The access codesmay be selected in the predetermined order or using a predeterminedalgorithm, which may be shared with the control module 300, the controlmodule 400 of the mobile access device 104 and/or the control modules(e.g., the control module 500) of one or more check point stations.

At 608, the control module 300 determines if a current date is the dateof the event of the ticket purchased. If yes, operation 610 and/or 614are performed. In another embodiment, time-based updates of the accesscode are made prior to the event date.

The following operations 610, 612 may be performed while performingoperations 614, 616. At 610, the timing module 322 determines an amountof time past since the initial access code for the ticket was generatedand/or an amount of time since a last update of the access code. At 612,if the amount of time past since the initial access code was generatedis greater than or equal to a first predetermined amount and/or theamount of time since the last update is greater than or equal to asecond predetermined amount, then operation 618 is performed, otherwiseoperation 610 may be performed. At 618, the control module 300 generatesan updated access code for the ticket.

At 614, the geographical location module 324 determines a location ofthe mobile access device 104 relative to one or more points of accessand/or check points. This may include the geographical location module324 determining the location of the mobile access device 104 asdescribed above and/or one or more of the antenna modules 340, themobile access device 104 and/or one or more check point stations 106determining and reporting the location of the mobile access device 104to the geographical location module 324.

At 616, the geographical location module 324 determines whether themobile access device 104 has reached and/or passed one or more checkpoints and/or is within a separation distance X of a point of entry. Ifyes, operation 618 is performed, otherwise operation 614 may beperformed. If both 612 and 616 are true within a predetermined period ofeach other, then operation 618 may be performed once, as opposed tobeing performed twice (once for 612 and once for 616).

At 618, the rolling code generating module 110 may initiate generationof an updated access code for the ticket. This may include generating areplacement code, determining a next access code, and/or establishing alink with the mobile access device 104 to have the access code updated.

At 620, the control module 300 performs an access code update process.This may include the control module 300 performing a signal exchangewith the mobile access device 104 to verify identification andauthorization information and/or codes (IAAIAC) to make sure that themobile access device 104 is authorized to have the updated code and/oris performing the update. Assuring that the mobile access device 104performs the update, assures that the updated access code of the controlmodules 300 is the same updated access code of the control module 400.If authorized and/or performing the update, the rolling code generatingmodule 110 may update the current access code based on the replacementcode and/or the next access code. The rolling code generating module 110may signal the mobile access device 104 to update the current accesscode and, in response thereto, the mobile access device 104 may then (i)update the current access code independent of the rolling codegenerating module 110 generating an updated access code, (ii) replacethe current access code with the updated access code, and/or (iii)append an updated access code to at least a portion of the currentaccess code. The mobile access device 104 may update the current accesscode based on a signal and/or code received from the rolling codegenerating module 110. The code received from the rolling codegenerating module 110 may be the replacement code or updated codedetermined by the rolling code generating module 110. The rolling codegenerating module 110 and the control module 400 may exchange signals tomake sure that the modules 110 and 400 are on a same access code whenindependently updating the access code. The signals may not include thecodes, but rather an indication of what codes were generated and/orselected. The rolling code generating module 110 may similarly signalthe control module 500 of the check point station 106 and/or other checkpoint stations to update the access codes stored in the check pointstations. The signal may include the updated access codes or anindicator to update the access code.

In one embodiment, when the ticket holder passes through a point ofentry for an event multiple times due to the ticket holder leaving thecorresponding facility one or more times, the control modules 300, 400,500 create different appended access codes each time the ticket holderreturns. For example, the control modules 300, 400, 500 may append afirst access code B to a current access code A prior to the ticketholder passing through the point of entry of the facility a first timefor an event to generate a first updated access code AB and then, afterthe ticket holder leaves the facility and returns to the facility forthe same event, appends (i) a second access code C to the first updatedaccess code AB to generate a second updated access code (e.g., ABC), or(ii) the second access code C to a portion of the first updated accesscode AB to generate a second updated access code (e.g., AC or BC).

At 622, the control module 300 may determine if the ticket has been usedand access has been granted. If yes, the method may end at 624,otherwise operations 610 and/or 614 may be performed. When the ticketholder leaves, for example, the facility of the event and returns forthe same event and reenters the facility, the control module may returnto operations 610 and/or 614.

FIG. 7 shows a method of operating the mobile access device 104. Themethod may begin at 700. At 702, the control module 400 of the mobileaccess device 104 may receive and store identification and authorizationinformation in the memory 406. At 704, the control module 400 receivesand stores an access code corresponding to a purchased ticket. Theticket purchaser may purchase the ticket using the mobile access device104 or other network device. The ticket include the access code may bedownloaded to the mobile access device 104. The ticket may be purchased,for example, via the Internet. Other information may also be downloadedto the mobile access device, such as the address of the venue, a receiptfor the purchase, predetermined reference points for self-triggeringaccess code updates, etc. If the mobile access device 104 is to performa rolling code operation, a set of access codes may be downloaded andinstructions for accessing and/or selecting a next access code. Theinstructions may include an order of the access codes to follow forselection, an algorithm for selecting the next access code, one or moreequations, etc.

At 706, the mobile access device 104 is moved closer to the venue,facility, and/or vehicle of the event associated with the ticket.

At 708, the access module 112 operates in the time-based mode and mayreceive signals from the control module 300 or the control module 500 toconfirm IAAIAC and initiate updating of the access code due to apredetermined amount of passage of time since the ticket was purchasedand/or a predetermined amount of time since a last update of the accesscode occurred. The signals may include an updated access code or simplyan indicator for the control module 400 to update the access code.

At 710, the access module 112 operates in the location-based mode andmay receive signals from the control module 300 or the control module500 to confirm IAAIC and initiate updating of the access code due to themobile access device 104 being located at and/or passing a check pointlocation. The signal may include an updated access code or simply anindicator for the control module 400 to update the access code.

At 712, the access module 112 determines whether it is operating in theappending mode. If operating in the appending mode, operation 716 isperformed, otherwise operation 714 is performed.

At 714, the access module 112 replaces the current (or previous) accesscode with an updated access code. The updated access code may beaccessed from the memory 406, received from the control module 300 orthe control module 500, or generated by the access module 112 based on apredetermined algorithm. Each of the control modules 300, 400, 500 maystore the same algorithm for generating the next access code.

At 716, the access module 112 appends a new access code to at least aportion of the last previous access code. This may include accessing thenew access code from the memory 406, receiving the new access code fromthe control module 300 or the control module 500, or generating the newaccess code based on the predetermined algorithm.

At 718, the access module 112 may determine whether a signal has beenreceived to show and/or transmit codes for entry. This may occur, forexample, when the mobile access device 104 is at a point of entry and isproviding the codes to a check point station to gain permitted entry forthe event. As an example, a ticket holder may provide an input to showthe latest access code to a scanner of the check point station. Asanother example, the ticket holder may provide an input to transmit thecodes to the check point station.

At 720, the access module shows and/or transmits the latest access code(or codes) and/or the identification and/or authorization informationand/or codes to the check point station. At 722, the access module 112may receive a signal from the check point station indicating status ofaccess request. For example, the mobile access device may display aphrase “access codes validated—entry permitted” or the phrase “one ormore invalid codes received—entry denied”. The method may end at 724.

FIG. 8 shows a method of operating a check point station 106 at a pointof entry. The method may begin at 800. At 802, the controller 500 of thecheck point station 106 may receive access codes and/or IAAIAC from themobile access device 104 at a point of entry.

At 804, the controller 500 may perform a verification process to verifythe access codes and the IAAIAC. This may include comparing the codesand/or information to stored codes and/or information to determine ifthere is a match.

At 806, if the access codes and/or IAAIAC are validated, operation 808is performed, otherwise operation 810 is performed. At 808, the controlmodule 500 signals the actuators 508 to actuate the entry devices 509 toprovide permitted entry as described above. At 810, the control module500 prevents access, which may include maintaining entry devices inlocked and closed states. The method may end at 812.

The above-described operations of FIGS. 6-8 are meant to be illustrativeexamples. The operations may be performed sequentially, synchronously,simultaneously, continuously, during overlapping time periods or in adifferent order depending upon the application. Also, any of theoperations may not be performed or skipped depending on theimplementation and/or sequence of events.

The examples set forth herein aid in preventing attackers from obtainingaccess codes for tickets purchased by others. The examples aid inpreventing or counteracting cyber attacks which often occur remotely viathe Internet. The examples cause ticket credentials to be reissued. Forexample, a ticket credential may be reissued prior to, at or subsequentto a mobile access device crossing a geographical threshold. The ticketcredential may be reissued when a timing threshold has been exceeded.The examples provide the updates close to when the ticket is to be usedby the ticket holder resulting in there to not being enough time for anattacker to steal or copy an access code of the ticket before the ticketis used by the ticket holder. Access codes are updated based on timesince a ticket was purchased and/or a location of a mobile access devicestoring the ticket. A rolling code type credential may be generated whenthe mobile access device is within a predetermined range of a point ofentry. An access granting device (e.g., a security central monitoringstation, a check point station, and/or other access granting device) maytrigger the rolling code generation of a next access code. Any numberand/or portions of previously generated access codes may be appended toform a current access code. A combination of the location based andappending approaches prevents an access code (or key) from beingduplicated and/or stolen because the granted access is based on aprevious key and the key being generated at or near the point of access.The key provided at or near the point of access cannot be stolen sincethe key is generated very close to the point of access. Put another way,an attacking device that mirrors (copies) the previous key will not getthe update at the point of access and as a result will be denied entry.

A system for providing ticket based authorized entry of a mobile accessdevice. The system includes a memory, a transceiver and a controlmodule. The memory is configured to store an access code of a ticket ofan event to be accessed by the mobile access device using the ticket.The mobile access device stores the access code. The transceiver isconfigured to communicate with the mobile access device. The controlmodule is configured to: determine when the ticket was purchased;determine at least one of (i) an amount of time since the ticket waspurchased, or (ii) an amount of time since the access code of the ticketwas last updated; and updates the access code stored in the memory andsignals the mobile access device via the transceiver to update theaccess code stored at the mobile access device in response to at leastone of (i) the amount of time since the ticket was purchased exceeding afirst predetermined amount of time, or (ii) the amount of time since theaccess code of the ticket was last updated exceeding a secondpredetermined amount of time. Access to the event by the mobile accessdevice and a corresponding ticket holder is based on the updated accesscode.

In other features, the control module is configured to (i) determine theamount of time since the ticket was purchased, and (ii) update theaccess code stored in the memory and signal the mobile access device toupdate the access code stored at the mobile access device in response tothe amount of time since the ticket was purchased having exceeded thefirst predetermined amount of time.

In other features, the control module is configured to (i) determine theamount of time since the access code of the ticket was last updated, and(ii) update the access code stored in the memory and signal the mobileaccess device to update the access code stored at the mobile accessdevice in response to the amount of time since the access code of theticket was last updated having exceeded the second predetermined amountof time.

In other features, the control module is configured to periodically,pseudo-randomly or randomly signal the mobile access device to updatethe access code stored in the memory and signal the mobile access deviceto update the access code stored at the mobile access device prior tothe ticket being used to gain entry to the event.

In other features, the control module is configured to (i) determine alocation of the mobile access device, and (ii) signal the mobile accessdevice to update the access code stored in the memory and signal themobile access device to update the access code stored at the mobileaccess device when the mobile access device is within a predetermineddistance of a point of entry of the event.

In other features, the system is configured to: receive the access codestored at the mobile access device; compare the access code receivedfrom the mobile access device to the updated access code; determinewhether the received access code from the mobile access device is valid;and in response to determining that the access code received from themobile access device is valid, actuate an entry device to providepermitted passage to the event for the ticket holder of the mobileaccess device.

In other features, the control module is configured to, when updatingthe access code stored in the memory append a new access code to atleast a portion of a previous access code.

In other features, a system is provided for ticket based authorizedentry of a mobile access device. The system includes a memory, atransceiver and a control module. The memory is configured to store anaccess code corresponding to a ticket of an event to be accessed by themobile access device, where the mobile access device stores the accesscode. The transceiver is configured to communicate with the mobileaccess device. The control module is configured to: determine a locationof the mobile access device relative to a check point location for theevent; determine whether the mobile access device is at or closer to apoint of entry of the event than the check point location; and inresponse to the determining that the mobile access device is at orcloser to the point of entry than the check point location, update theaccess code stored in the memory and signal the mobile access device viathe transceiver to update the access code stored at the mobile accessdevice. Access to the event by the mobile access device and acorresponding ticket holder is based on the updated access code.

In other features, the control module is configured to iteratively, foreach check point passed by the mobile access device, update the accesscode in the memory and the access code stored at the mobile accessdevice.

In other features, the control module is configured to (i) monitormovement of the mobile access device, and (ii) while the mobile accessdevice is moving and is within a predetermined range of the check pointlocation, update the access code stored in the memory and signal themobile access device to update the access code stored at the mobileaccess device.

In other features, the system is configured to: receive the access codestored at the mobile access device; compare the access code receivedfrom the mobile access device to the updated access code; determinewhether the received access code from the mobile access device is valid;and in response to determining that the access code received from themobile access device is valid, actuate an entry device to providepermitted passage to the event for the ticket holder of the mobileaccess device.

In other features, the control module is configured to update the accesscode stored in the memory based on an amount of time since the ticketwas purchased by the ticket holder associated with the mobile accessdevice.

In other features, the control module is configured to, when updatingthe access code stored in the memory append a new access code to atleast a portion of the access code stored in the memory or at least aportion of the updated access code.

In other features, the control module is configured to, when updatingthe access code stored in the memory append a new access code to atleast a portion of the access code stored in the memory or at least aportion of the updated access code.

In other features, a station for providing ticket based authorized entryof a mobile access device is provided. The station includes a memory, atransceiver and a control module. The memory is configured to store anaccess code of a ticket of an event to be accessed by the mobile accessdevice using the ticket. The mobile access device stores the accesscode. The transceiver is configured to communicate with the mobileaccess device. The control module is configured to: determine when theticket was purchased; determine at least one of (i) an amount of timesince the ticket was purchased, or (ii) an amount of time since theaccess code of the ticket was last updated; and updates the access codestored in the memory and signals the mobile access device via thetransceiver to update the access code stored at the mobile access devicein response to at least one of (i) the amount of time since the ticketwas purchased exceeding a first predetermined amount of time, or (ii)the amount of time since the access code of the ticket was last updatedexceeding a second predetermined amount of time. Access to the event bythe mobile access device and a corresponding ticket holder is based onthe updated access code.

In other features, the control module is configured to (i) determine theamount of time since the ticket was purchased, and (ii) update theaccess code stored in the memory and signal the mobile access device toupdate the access code stored at the mobile access device in response tothe amount of time since the ticket was purchased having exceeded thefirst predetermined amount of time.

In other features, the control module is configured to (i) determine theamount of time since the access code of the ticket was last updated, and(ii) update the access code stored in the memory and signal the mobileaccess device to update the access code stored at the mobile accessdevice in response to the amount of time since the access code of theticket was last updated having exceeded the second predetermined amountof time.

In other features, the control module is configured to periodically,pseudo-randomly or randomly signal the mobile access device to updatethe access code stored in the memory and signal the mobile access deviceto update the access code stored at the mobile access device prior tothe ticket being used to gain entry to the event.

In other features, the control module is configured to (i) determine alocation of the mobile access device, and (ii) signal the mobile accessdevice to update the access code stored in the memory and signal themobile access device to update the access code stored at the mobileaccess device when the mobile access device is within a predetermineddistance of a point of entry of the event.

In other features, the station is configured to: receive the access codestored at the mobile access device; compare the access code receivedfrom the mobile access device to the updated access code; determinewhether the received access code from the mobile access device is valid;and in response to determining that the access code received from themobile access device is valid, actuate an entry device to providepermitted passage to the event for the ticket holder of the mobileaccess device.

In other features, the control module is configured to, when updatingthe access code stored in the memory append a new access code to atleast a portion of a previous access code.

In other features, a station for providing ticket based authorized entryof a mobile access device is provided. The station includes a memory, atransceiver and a control module. The memory is configured to store anaccess code corresponding to a ticket of an event to be accessed by themobile access device. The mobile access device stores the access code.The transceiver is configured to communicate with the mobile accessdevice. The control module is configured to: determine a location of themobile access device relative to a check point location for the event;determine whether the mobile access device is at or closer to a point ofentry of the event than the check point location; and in response to thedetermining that the mobile access device is at or closer to the pointof entry than the check point location, update the access code stored inthe memory and signal the mobile access device via the transceiver toupdate the access code stored at the mobile access device. Access to theevent by the mobile access device and a corresponding ticket holder isbased on the updated access code.

In other features, the control module is configured to iteratively, foreach check point passed by the mobile access device, update the accesscode in the memory and the access code stored at the mobile accessdevice.

In other features, the control module is configured to (i) monitormovement of the mobile access device, and (ii) while the mobile accessdevice is moving and is within a predetermined range of the check pointlocation, update the access code stored in the memory and signal themobile access device to update the access code stored at the mobileaccess device.

In other features, the station is configured to: receive the access codestored at the mobile access device; compare the access code receivedfrom the mobile access device to the updated access code; determinewhether the received access code from the mobile access device is valid;and in response to determining that the access code received from themobile access device is valid, actuate an entry device to providepermitted passage to the event for the ticket holder of the mobileaccess device.

In other features, the control module is configured to update the accesscode stored in the memory based on an amount of time since the ticketwas purchased by the ticket holder associated with the mobile accessdevice.

In other features, the control module is configured to, when updatingthe access code stored in the memory append a new access code to atleast a portion of the access code stored in the memory or at least aportion of the updated access code.

In other features, A mobile access device is provided and includes amemory, a transceiver and a control module. The memory is configured tostore an access code of a ticket for an event. The transceiver isconfigured to communicate with a first station of the event. The controlmodule is configured to: receive a signal from the first station toupdate the access code based on time since the ticket was purchased or alocation of the mobile access device; update the access code stored inthe memory based on the signal; show or transmit the updated access codeto the first station or a second station as an access request when themobile access device is at a point of entry; and receive a signal fromthe first station or the second station indicating a status of theaccess request.

In other features, the control module is configured to update the accesscode stored in the memory without receiving an updated access code froma station.

In other features, the control module is configured to select a nextaccess code in a list of access codes stored in the memory in responseto receiving the signal to update the access code.

In other features, the control module is configured to generate theupdated access code based on a predetermined algorithm stored in thememory.

In other features, the signal includes an updated access code for theticket; and the control module replaces the access code stored in thememory with the updated access code included in the signal.

In other features, the control module is configured to append a newaccess code to at least a portion of the access code stored in thememory when updating the access code stored in the memory.

In other features, the control module is configured to: append a firstnew access code to the access code stored in the memory to form anupdated access code when the mobile access device passes the point ofentry a first time; and either (i) append a second new access code tothe first new access code and drop a remainder of the updated accesscode when the mobile access device passes the point of entry a secondtime, or (ii) append the second new access code to the remainder of theupdated access code and drop the first new access code when the mobileaccess device passes the point of entry the second time.

Although the terms first, second, third, etc. may be used herein todescribe various distances, boundaries, rates, periods, steps, elements,components, regions, layers and/or sections, these distances,boundaries, rates, periods, steps, elements, components, regions, layersand/or sections should not be limited by these terms, unless otherwiseindicated. These terms may be only used to distinguish one distance,boundary, rate, period, step, element, component, region, layer orsection from another step, element, component, region, layer or section.Terms such as “first,” “second,” and other numerical terms when usedherein do not imply a sequence or order unless clearly indicated by thecontext. Thus, a first distance, boundary, rate, period, step, element,component, region, layer or section discussed below could be termed asecond distance, boundary, rate, period, step, element, component,region, layer or section without departing from the teachings of theexample embodiments.

The foregoing description is merely illustrative in nature and is in noway intended to limit the disclosure, its application, or uses. Thebroad teachings of the disclosure can be implemented in a variety offorms. Therefore, while this disclosure includes particular examples,the true scope of the disclosure should not be so limited since othermodifications will become apparent upon a study of the drawings, thespecification, and the following claims. It should be understood thatone or more steps within a method may be executed in different order (orconcurrently) without altering the principles of the present disclosure.Further, although each of the embodiments is described above as havingcertain features, any one or more of those features described withrespect to any embodiment of the disclosure can be implemented in and/orcombined with features of any of the other embodiments, even if thatcombination is not explicitly described. In other words, the describedembodiments are not mutually exclusive, and permutations of one or moreembodiments with one another remain within the scope of this disclosure.

Spatial and functional relationships between elements (for example,between modules, circuit elements, semiconductor layers, etc.) aredescribed using various terms, including “connected,” “engaged,”“coupled,” “adjacent,” “next to,” “on top of,” “above,” “below,” and“disposed.” Unless explicitly described as being “direct,” when arelationship between first and second elements is described in the abovedisclosure, that relationship can be a direct relationship where noother intervening elements are present between the first and secondelements, but can also be an indirect relationship where one or moreintervening elements are present (either spatially or functionally)between the first and second elements. As used herein, the phrase atleast one of A, B, and C should be construed to mean a logical (A OR BOR C), using a non-exclusive logical OR, and should not be construed tomean “at least one of A, at least one of B, and at least one of C.”

In the figures, the direction of an arrow, as indicated by thearrowhead, generally demonstrates the flow of information (such as dataor instructions) that is of interest to the illustration. For example,when element A and element B exchange a variety of information butinformation transmitted from element A to element B is relevant to theillustration, the arrow may point from element A to element B. Thisunidirectional arrow does not imply that no other information istransmitted from element B to element A. Further, for information sentfrom element A to element B, element B may send requests for, or receiptacknowledgements of, the information to element A.

In this application, including the definitions below, the term “module”or the term “controller” may be replaced with the term “circuit.” Theterm “module” may refer to, be part of, or include: an ApplicationSpecific Integrated Circuit (ASIC); a digital, analog, or mixedanalog/digital discrete circuit; a digital, analog, or mixedanalog/digital integrated circuit; a combinational logic circuit; afield programmable gate array (FPGA); a processor circuit (shared,dedicated, or group) that executes code; a memory circuit (shared,dedicated, or group) that stores code executed by the processor circuit;other suitable hardware components that provide the describedfunctionality; or a combination of some or all of the above, such as ina system-on-chip.

The module may include one or more interface circuits. In some examples,the interface circuits may include wired or wireless interfaces that areconnected to a local area network (LAN), the Internet, a wide areanetwork (WAN), or combinations thereof. The functionality of any givenmodule of the present disclosure may be distributed among multiplemodules that are connected via interface circuits. For example, multiplemodules may allow load balancing. In a further example, a server (alsoknown as remote, or cloud) module may accomplish some functionality onbehalf of a client module.

The term code, as used above, may include software, firmware, and/ormicrocode, and may refer to programs, routines, functions, classes, datastructures, and/or objects. The term shared processor circuitencompasses a single processor circuit that executes some or all codefrom multiple modules. The term group processor circuit encompasses aprocessor circuit that, in combination with additional processorcircuits, executes some or all code from one or more modules. Referencesto multiple processor circuits encompass multiple processor circuits ondiscrete dies, multiple processor circuits on a single die, multiplecores of a single processor circuit, multiple threads of a singleprocessor circuit, or a combination of the above. The term shared memorycircuit encompasses a single memory circuit that stores some or all codefrom multiple modules. The term group memory circuit encompasses amemory circuit that, in combination with additional memories, storessome or all code from one or more modules.

The term memory circuit is a subset of the term computer-readablemedium. The term computer-readable medium, as used herein, does notencompass transitory electrical or electromagnetic signals propagatingthrough a medium (such as on a carrier wave); the term computer-readablemedium may therefore be considered tangible and non-transitory.Non-limiting examples of a non-transitory, tangible computer-readablemedium are nonvolatile memory circuits (such as a flash memory circuit,an erasable programmable read-only memory circuit, or a mask read-onlymemory circuit), volatile memory circuits (such as a static randomaccess memory circuit or a dynamic random access memory circuit),magnetic storage media (such as an analog or digital magnetic tape or ahard disk drive), and optical storage media (such as a CD, a DVD, or aBlu-ray Disc).

The apparatuses and methods described in this application may bepartially or fully implemented by a special purpose computer created byconfiguring a general purpose computer to execute one or more particularfunctions embodied in computer programs. The functional blocks,flowchart components, and other elements described above serve assoftware specifications, which can be translated into the computerprograms by the routine work of a skilled technician or programmer.

The computer programs include processor-executable instructions that arestored on at least one non-transitory, tangible computer-readablemedium. The computer programs may also include or rely on stored data.The computer programs may encompass a basic input/output system (BIOS)that interacts with hardware of the special purpose computer, devicedrivers that interact with particular devices of the special purposecomputer, one or more operating systems, user applications, backgroundservices, background applications, etc.

The computer programs may include: (i) descriptive text to be parsed,such as HTML (hypertext markup language), XML (extensible markuplanguage), or JSON (JavaScript Object Notation) (ii) assembly code,(iii) object code generated from source code by a compiler, (iv) sourcecode for execution by an interpreter, (v) source code for compilationand execution by a just-in-time compiler, etc. As examples only, sourcecode may be written using syntax from languages including C, C++, C#,Objective-C, Swift, Haskell, Go, SQL, R, Lisp, Java®, Fortran, Perl,Pascal, Curl, OCaml, Javascript®, HTML5 (Hypertext Markup Language 5threvision), Ada, ASP (Active Server Pages), PHP (PHP: HypertextPreprocessor), Scala, Eiffel, Smalltalk, Erlang, Ruby, Flash®, VisualBasic®, Lua, MATLAB, SIMULINK, and Python®.

What is claimed is:
 1. A system for providing ticket based authorizedentry of a mobile access device, the system comprising: a memoryconfigured to store an access code of a ticket of an event to beaccessed by the mobile access device using the ticket, wherein themobile access device stores the access code; a transceiver configured tocommunicate with the mobile access device; and a control moduleconfigured to determine when the ticket was purchased, determine atleast one of (i) an amount of time since the ticket was purchased, or(ii) an amount of time since the access code of the ticket was lastupdated, and updates the access code stored in the memory and signalsthe mobile access device via the transceiver to update the access codestored at the mobile access device in response to at least one of (i)the amount of time since the ticket was purchased exceeding a firstpredetermined amount of time, or (ii) the amount of time since theaccess code of the ticket was last updated exceeding a secondpredetermined amount of time, wherein access to the event by the mobileaccess device and a corresponding ticket holder is based on the updatedaccess code.
 2. The system of claim 1, wherein the control module isconfigured to (i) determine the amount of time since the ticket waspurchased, and (ii) update the access code stored in the memory andsignal the mobile access device to update the access code stored at themobile access device in response to the amount of time since the ticketwas purchased having exceeded the first predetermined amount of time. 3.The system of claim 1, wherein the control module is configured to (i)determine the amount of time since the access code of the ticket waslast updated, and (ii) update the access code stored in the memory andsignal the mobile access device to update the access code stored at themobile access device in response to the amount of time since the accesscode of the ticket was last updated having exceeded the secondpredetermined amount of time.
 4. The system of claim 1, wherein thecontrol module is configured to periodically, pseudo-randomly orrandomly signal the mobile access device to update the access codestored in the memory and signal the mobile access device to update theaccess code stored at the mobile access device prior to the ticket beingused to gain entry to the event.
 5. The system of claim 1, wherein thecontrol module is configured to (i) determine a location of the mobileaccess device, and (ii) signal the mobile access device to update theaccess code stored in the memory and signal the mobile access device toupdate the access code stored at the mobile access device when themobile access device is within a predetermined distance of a point ofentry of the event.
 6. The system of claim 1, wherein the system isconfigured to: receive the access code stored at the mobile accessdevice; compare the access code received from the mobile access deviceto the updated access code; determine whether the received access codefrom the mobile access device is valid; and in response to determiningthat the access code received from the mobile access device is valid,actuate an entry device to provide permitted passage to the event forthe ticket holder of the mobile access device.
 7. The system of claim 1,wherein the control module is configured to, when updating the accesscode stored in the memory append a new access code to at least a portionof a previous access code.
 8. A system for providing ticket basedauthorized entry of a mobile access device, the system comprising: amemory configured to store an access code corresponding to a ticket ofan event to be accessed by the mobile access device, wherein the mobileaccess device stores the access code; a transceiver configured tocommunicate with the mobile access device; and a control moduleconfigured to determine a location of the mobile access device relativeto a check point location for the event, determine whether the mobileaccess device is at or closer to a point of entry of the event than thecheck point location, and in response to the determining that the mobileaccess device is at or closer to the point of entry than the check pointlocation, update the access code stored in the memory and signal themobile access device via the transceiver to update the access codestored at the mobile access device, wherein access to the event by themobile access device and a corresponding ticket holder is based on theupdated access code.
 9. The system of claim 8, wherein the controlmodule is configured to iteratively, for each check point passed by themobile access device, update the access code in the memory and theaccess code stored at the mobile access device.
 10. The system of claim8, wherein the control module is configured to (i) monitor movement ofthe mobile access device, and (ii) while the mobile access device ismoving and is within a predetermined range of the check point location,update the access code stored in the memory and signal the mobile accessdevice to update the access code stored at the mobile access device. 11.The system of claim 8, wherein the system is configured to: receive theaccess code stored at the mobile access device; compare the access codereceived from the mobile access device to the updated access code;determine whether the received access code from the mobile access deviceis valid; and in response to determining that the access code receivedfrom the mobile access device is valid, actuate an entry device toprovide permitted passage to the event for the ticket holder of themobile access device.
 12. The system of claim 8, wherein the controlmodule is configured to update the access code stored in the memorybased on an amount of time since the ticket was purchased by the ticketholder associated with the mobile access device.
 13. The system of claim12, wherein the control module is configured to, when updating theaccess code stored in the memory append a new access code to at least aportion of the access code stored in the memory or at least a portion ofthe updated access code.
 14. The system of claim 8, wherein the controlmodule is configured to, when updating the access code stored in thememory append a new access code to at least a portion of the access codestored in the memory or at least a portion of the updated access code.15. A mobile access device comprising: a memory configured to store anaccess code of a ticket for an event; a transceiver configured tocommunicate with a first station of the event; and a control moduleconfigured to receive a signal from the first station to update theaccess code based on time since the ticket was purchased or a locationof the mobile access device, update the access code stored in the memorybased on the signal, show or transmit the updated access code to thefirst station or a second station as an access request when the mobileaccess device is at a point of entry, and receive a signal from thefirst station or the second station indicating a status of the accessrequest.
 16. The mobile access device of claim 15, wherein the controlmodule is configured to update the access code stored in the memorywithout receiving an updated access code from a station.
 17. The mobileaccess device of claim 15, wherein the control module is configured toselect a next access code in a list of access codes stored in the memoryin response to receiving the signal to update the access code.
 18. Themobile access device of claim 15, wherein the control module isconfigured to generate the updated access code based on a predeterminedalgorithm stored in the memory.
 19. The mobile access device of claim15, wherein: the signal includes an updated access code for the ticket;and the control module replaces the access code stored in the memorywith the updated access code included in the signal.
 20. The mobileaccess device of claim 15, wherein the control module is configured toappend a new access code to at least a portion of the access code storedin the memory when updating the access code stored in the memory. 21.The mobile access device of claim 15, wherein the control module isconfigured to: append a first new access code to the access code storedin the memory to form an updated access code when the mobile accessdevice passes the point of entry a first time; and either append asecond new access code to the first new access code and drop a remainderof the updated access code when the mobile access device passes thepoint of entry a second time, or append the second new access code tothe remainder of the updated access code and drop the first new accesscode when the mobile access device passes the point of entry the secondtime.